PHPDeveloper.org: Chris Shiflett's Blog: PHP Insecurity

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Bayser Consulting Seeks Analytical Programmer (Skokie, IL)

Job Posting: Revelation Partners (Recruiter) Seeks Mid-Principal PHP Developer (Boston, MA)

Dave Marshall's Blog: Competition: PHP Job Hunters Handbook up for grabs

Job Posting: LIVESTRONG.com/Demand Media Inc. Seeks Senior PHP Software Developer (Santa Monica, CA)

Job Posting: Children's Hospital Boston Seeks Open Source Web Developer (Boston, MA)

Job Posting: eReleases Seeks Zend/PHP Developer (Baltimore, MD)

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

News Archive

Ken Guest's Blog: PHP for Enterprise/Business Whitepaper

PHPImpact Blog: PHP: Spaghetti alla Bolognese

CSS-Tricks.com: PHP for Beginners: Building Your First Simple CMS

IBuildings Blog: Book Review: TYPO3 Extension Development

Job Posting: Bayser Consulting Seeks Analytical Programmer (Skokie, IL)

Vinu Thomas' Blog: PHP functions in Javascript using PHP.JS

Job Posting: Revelation Partners (Recruiter) Seeks Mid-Principal PHP Developer (Boston, MA)

Community News: php|architect Free Webcast Series

Site News: Popular Posts for the Week of 01.09.2009

ElePHPant World Tour: The Elephpant World Tour 2008 is done!

Chris Shiflett's Blog:
PHP Insecurity

by Chris Cornutt January 24, 2006 @ 06:34:00

Chris Shiflett's latest post mentions this criticism of PHP's insecurity as made by Andrew van der Stock.

Andrew van der Stock has written a strong criticism of PHP's insecurity. Andrew is a seasoned security expert and a major contributor to OWASP, and he states:

"After writing PHP forum software for three years now, I've come to the conclusion that it is basically impossible for normal programmers to write secure PHP code. It takes far too much effort."

He continues, citing specific areas where he thinks PHP is weak and asserting that "PHP must now mature and take on a proper security architecture."

Chris also mentions that some of the reasons Andrew mentions include register_globals, magic_quotes_gpc, and safe_mode - all due to be removed in the latest PHP version (6). Also, be sure to check out the comments on the post for a good bit more information and discussion...

0 comments voice your opinion now!
php insecurity security strong criticism against too much power php insecurity security strong criticism against too much power

Similar Posts

Jim Plush\'s Blog: JSON extension to be bundled into the PHP core?

Utah PHP Users Group: Meeting May 18th 2006 @ 7pm

Sebastian Bergmann\'s Blog: PHP - kurz & gut (Pocket Reference Update)

PHP Zurich: Meeting Details - March 14th, 2006 @ 6:30pm

Zend Developer Zone: Mail Call!

Community Events

Don't see your event here?
Let us know!

All content copyright, 2009 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework